windows-authenticode-signer

Sign Windows executables with Authenticode using signtool, supporting EV and standard certificates

509 stars

Best use case

windows-authenticode-signer is best used when you need a repeatable AI agent workflow instead of a one-off prompt.

Sign Windows executables with Authenticode using signtool, supporting EV and standard certificates

Teams using windows-authenticode-signer should expect a more consistent output, faster repeated execution, less prompt rewriting.

When to use this skill

You want a reusable workflow that can be run more than once with consistent structure.

When not to use this skill

You only need a quick one-off answer and do not need a reusable workflow.
You cannot install or maintain the underlying files, dependencies, or repository context.

Installation

Claude Code / Cursor / Codex

$curl -o ~/.claude/skills/windows-authenticode-signer/SKILL.md --create-dirs "https://raw.githubusercontent.com/a5c-ai/babysitter/main/library/specializations/desktop-development/skills/windows-authenticode-signer/SKILL.md"

Manual Installation

Download SKILL.md from GitHub
Place it in .claude/skills/windows-authenticode-signer/SKILL.md inside your project
Restart your AI agent — it will auto-discover the skill

How windows-authenticode-signer Compares

Feature / Agent	windows-authenticode-signer	Standard Approach
Platform Support	Not specified	Limited / Varies
Context Awareness	High	Baseline
Installation Complexity	Unknown	N/A

Frequently Asked Questions

What does this skill do?

Sign Windows executables with Authenticode using signtool, supporting EV and standard certificates

Where can I find the source code?

You can find the source code on GitHub using the link provided at the top of the page.

SKILL.md Source

# windows-authenticode-signer

Sign Windows executables with Authenticode using signtool. This skill configures code signing for Windows applications with standard and EV certificates, timestamping, and CI/CD integration.

## Capabilities

- Sign executables with Authenticode
- Configure EV certificate signing
- Set up timestamping servers
- Sign with Azure Key Vault
- Configure CI/CD signing workflows
- Verify existing signatures
- Sign DLLs and nested binaries
- Configure dual SHA1/SHA256 signing

## Input Schema

```json
{
  "type": "object",
  "properties": {
    "executablePath": { "type": "string" },
    "certificateSource": { "enum": ["file", "store", "azure-keyvault", "digicert"] },
    "timestampServer": { "type": "string" },
    "hashAlgorithm": { "enum": ["SHA256", "SHA1", "dual"] }
  },
  "required": ["executablePath"]
}
```

## Signing Commands

```powershell
# Sign with PFX file
signtool sign /f certificate.pfx /p password /fd SHA256 /tr http://timestamp.digicert.com /td SHA256 MyApp.exe

# Sign with certificate store
signtool sign /n "My Company" /fd SHA256 /tr http://timestamp.digicert.com /td SHA256 MyApp.exe

# Sign with Azure Key Vault
AzureSignTool sign -kvu https://myvault.vault.azure.net -kvi $AZURE_CLIENT_ID -kvt $AZURE_TENANT_ID -kvs $AZURE_CLIENT_SECRET -kvc MyCertificate -tr http://timestamp.digicert.com -td sha256 MyApp.exe
```

## Verification

```powershell
signtool verify /pa /v MyApp.exe
```

## Related Skills

- `msix-package-generator`
- `code-signing-setup` process